Security Incidents mailing list archives
INCIDENTS () SECURITYFOCUS COM
From: Thor () HammerofGod com
Date: Mon, 14 May 2001 12:05:45 -0700
FWIW, IIS5.0/Exchange 2000 SMTP uses TCP 53 for DNS queries. AD
Jason Lewis wrote:
> DNS queries are on UDP port 53. TCP port 53 is used for zone transfers. By blocking TCP port 53 I can't do zone transfers, but clients can still do lookups on UDP 53. Since I have blocked TCP port 53, I have seen a decrease in attack attempts on my name servers, primarily because that port isn't open. I do still see scans for the DNS ports, but nothing more than a port scan. My question is... Can anyone come up with any pros/cons of doing this?
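
One way to weigh the block discussed in this thread is to audit which hosts already reach the name servers on TCP 53, so that clients which query over TCP (such as the SMTP service mentioned in the reply) are found before the port is closed. This is an added example, not part of the original posts; the key=value log format, the addresses, and the `audit_tcp53` function are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2001-05-14T11:58:02 proto=UDP src=10.0.0.31 dst=10.0.0.2 dport=53
2001-05-14T11:58:09 proto=TCP src=10.0.0.25 dst=10.0.0.2 dport=53
2001-05-14T11:59:40 proto=TCP src=10.0.0.25 dst=10.0.0.2 dport=53
2001-05-14T12:01:13 proto=TCP src=203.0.113.77 dst=10.0.0.2 dport=53
2001-05-14T12:01:15 proto=TCP src=203.0.113.77 dst=10.0.0.2 dport=25
2001-05-14T12:03:51 proto=TCP src=10.0.0.3 dst=10.0.0.2 dport=53
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def audit_tcp53(log_text, internal_net, secondaries=()):
    """Group TCP/53 traffic by sender: known zone-transfer peers,
    internal clients that would break under a block, and outside sources."""
    net = ipaddress.ip_network(internal_net)
    xfer_peers = {ipaddress.ip_address(s) for s in secondaries}
    report = {"zone_transfer_peers": Counter(),
              "internal_tcp_clients": Counter(),
              "external_tcp_sources": Counter()}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Only TCP traffic to port 53 matters; UDP lookups are unaffected.
        if fields.get("proto") != "TCP" or fields.get("dport") != "53":
            continue
        try:
            src = ipaddress.ip_address(fields["src"])
        except (KeyError, ValueError):
            continue  # skip lines with a missing or unparsable source
        if src in xfer_peers:
            bucket = "zone_transfer_peers"
        elif src in net:
            bucket = "internal_tcp_clients"
        else:
            bucket = "external_tcp_sources"
        report[bucket][str(src)] += 1
    return report

if __name__ == "__main__":
    result = audit_tcp53(SAMPLE_LOG, "10.0.0.0/24", secondaries=["10.0.0.3"])
    for bucket, counts in result.items():
        print(bucket, dict(counts))
```

Hosts listed under `internal_tcp_clients` are the ones to check before blocking TCP 53; `zone_transfer_peers` would need an explicit allow rule if transfers must keep working.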